My guess is that this is some sort of way to hide a netcat executable from AV by packing or obfuscating the internals of the recompiled hex of the program. I have searched the forum and Google and still have no idea. Can someone give a clue to a noob? :confused:

07-13-2009, 09:28 PM

imported_vvpalin

No, it's so if you have a shell you can just paste the text into the window and load up nc; that way you don't need to grab it from an FTP.

07-13-2009, 09:33 PM

youmansk

So... while in that shell, netcat just remains in memory? Do most AVs pick up on this?
Thanks again... wait... I see... it just echoes the file to nc.exe wherever your shell is located in the directory structure... I guess.

07-14-2009, 07:12 AM

imported_vvpalin

When you gain a remote shell it is non-interactive, meaning it can be hard to download things. This is an easy way to get an awesome and useful tool onto the system. If you want to bypass the AV you will either need to use something else or obfuscate the code, as I doubt it's going to pass.
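
A defender's view of the transfer discussed in this thread, added here as an example and not written by any of the posters: a file rebuilt line by line through `echo` leaves a run of near-identical shell commands appending hex text to one target, which process-creation logs can surface. It assumes command lines are available as `(host, command_line)` pairs; the function name, thresholds and sample events are constructed for illustration.

```python
import re
from collections import defaultdict

# "echo <payload> >> <target>" at the end of a command line (append redirect).
ECHO_APPEND = re.compile(
    r'\becho\s+(?P<payload>.+?)\s*>>\s*"?(?P<target>[^"\s]+)"?\s*$', re.I)
# Payload made up only of hex digits and whitespace.
HEXISH = re.compile(r'^[0-9a-fA-F\s]+$')


def find_echo_staging(events, min_lines=3, min_hex_ratio=0.8):
    """Flag (host, target file) pairs that receive many hex-only echo appends.

    events: iterable of (host, command_line) tuples (assumed log shape).
    Returns a list of dicts with host, target and the number of appends seen.
    """
    groups = defaultdict(list)
    for host, cmdline in events:
        m = ECHO_APPEND.search(cmdline)
        if m:
            # Windows paths are case-insensitive, so normalise the target.
            groups[(host, m.group("target").lower())].append(m.group("payload"))

    findings = []
    for (host, target), payloads in sorted(groups.items()):
        hex_lines = sum(1 for p in payloads if HEXISH.match(p))
        if len(payloads) >= min_lines and hex_lines / len(payloads) >= min_hex_ratio:
            findings.append({"host": host, "target": target, "lines": len(payloads)})
    return findings


# Constructed sample events; the hex strings are filler, not a real file.
SAMPLE_EVENTS = [
    ("ws01", r"cmd.exe /c echo 0011aabbccdd0011 >> C:\Temp\stage.txt"),
    ("ws01", r"cmd.exe /c echo 2233eeff00112233 >> C:\Temp\stage.txt"),
    ("ws01", r"cmd.exe /c echo 44 55 66 77 88 99 >> c:\temp\STAGE.txt"),
    ("ws01", r'cmd.exe /c echo aabbccddeeff0011 >> "C:\Temp\stage.txt"'),
    # Benign: repeated appends, but plain text rather than hex.
    ("bld02", r"cmd.exe /c echo build step finished >> C:\logs\build.log"),
    ("bld02", r"cmd.exe /c echo tests passed >> C:\logs\build.log"),
    ("bld02", r"cmd.exe /c echo packaging done >> C:\logs\build.log"),
    # Benign: a single hex-looking append stays below the line threshold.
    ("ws03", r"cmd.exe /c echo cafe0001 >> C:\Users\a\notes.txt"),
]

if __name__ == "__main__":
    for finding in find_echo_staging(SAMPLE_EVENTS):
        print(finding)
```

In real logs the thresholds need tuning, since a file of any size produces far more than three appends and the same grouping works on a much higher `min_lines`.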